HEX
Server: Apache
System: Linux wp02.tdr-lab.com 3.10.0-1160.42.2.el7.x86_64 #1 SMP Tue Sep 7 14:49:57 UTC 2021 x86_64
User: kusanagi (1001)
PHP: 7.4.23
Disabled: NONE
File: //etc/nginx/conf.d/lease-back.com_ssl.conf
#=======================================
# lease-back.com SSL
#---------------------------------------

# HTTPS virtual host for lease-back.com. Terminates TLS, serves static files
# from the site DocumentRoot and hands *.php requests to the FastCGI backend on
# 127.0.0.1:9000. Regex locations are tried in the order written and the first
# match wins, so the order of the location blocks below is part of the policy.
server {
	listen       443 ssl http2;
	server_name  lease-back.com;

	ssl_certificate      /etc/letsencrypt/live/lease-back.com/fullchain.pem;
	ssl_certificate_key  /etc/letsencrypt/live/lease-back.com/privkey.pem;
	ssl_dhparam /etc/kusanagi.d/ssl/dhparam.key;

	# NOTE(review): session tickets are protected by the static key file below.
	# If that file is never rotated, disclosure of the key weakens forward
	# secrecy for TLS 1.2 sessions that were issued a ticket. Confirm that a
	# rotation job exists, or turn tickets off.
	ssl_session_tickets     on;
	ssl_session_ticket_key     /etc/kusanagi.d/ssl_sess_ticket.key;

	# Server-side session cache shared between workers: 1 MB, 5 minute lifetime.
	ssl_session_cache shared:SSL:1m;
	ssl_session_timeout  5m;

	#ssl_ct on;
	#ssl_ct_static_scts /etc/pki/tls/certs/scts;

	# Only TLS 1.2 and TLS 1.3 are offered.
	ssl_protocols TLSv1.2 TLSv1.3;

	# NOTE(review): from "!RC4" onwards several exclusions are written without
	# the ':' separator used in the rest of the string. Check the effective list
	# with `openssl ciphers -v '<this string>'` against the OpenSSL build nginx
	# is linked to. The bare AES*/ARIA* names being excluded look like the
	# RSA-key-exchange suites, i.e. the intent appears to be forward-secret key
	# exchange only - confirm. This directive is not what selects TLS 1.3
	# suites (assuming an OpenSSL build - confirm).
	ssl_ciphers "AES128+ECDHE:AES256+ECDHE:AES128+EDH:AES256+EDH:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4!CAMELLIA!AES128-SHA!AES128-SHA256!AES128-GCM-SHA256:!AES256-GCM-SHA384:!AES256-SHA256:!AES256-SHA!AES256-CCM8!AES256-CCM!AES128-CCM!ARIA128-GCM-SHA256!AES128-CCM8!ARIA256-GCM-SHA384";

	ssl_prefer_server_ciphers   on;

	## OCSP stapling
	# Stapling is currently disabled: every directive in this group is commented out.
	#ssl_stapling on;
	#ssl_stapling_verify on;
	#resolver 8.8.4.4 8.8.8.8 valid=300s;
	#resolver_timeout 10s;

	# Per-site logs. The "main" log format is defined outside this file.
	access_log  /home/kusanagi/lease-back.com/log/nginx/ssl_access.log main;
	error_log   /home/kusanagi/lease-back.com/log/nginx/ssl_error.log warn;

	charset UTF-8;
	# Request bodies (uploads included) are capped at 16 MB.
	client_max_body_size 16M;
	root  /home/kusanagi/lease-back.com/DocumentRoot;
	index index.php index.html index.htm;

	# Direct requests for the error page are refused.
	location = /50x.html {
		return 403;
	}

	# Permanent redirect that appends the trailing slash to URIs ending in /wp-admin.
	rewrite /wp-admin$ $scheme://$host$uri/ permanent;

	# Default handler: existing file, then directory, then the index.php front controller.
	location / {
		try_files $uri $uri/ /index.php?$args;
		#include naxsi.d/wordpress/*.conf;
	}

	location = /favicon.ico {
		log_not_found off;
		access_log off;
	}

	# NOTE(review): this pattern is not anchored and is listed before the dotfile
	# deny below, so any URI that contains "/.well-known" at any depth is handled
	# here and skips both the dotfile deny and the PHP handlers. Anchoring it
	# (^/\.well-known/) would limit the exemption to the top-level directory.
	location ~* /\.well-known {
		allow all;
	}

	# Refuse every other path containing a dot-prefixed segment (.git, .htaccess, .env, ...).
	location ~* /\. {
		deny all;
	}

	#include templates.d/shibd.conf;
	#include templates.d/multisite.conf;

	# Never execute PHP from upload directories. This block has to stay above the
	# generic PHP handler for the deny to win.
	# NOTE(review): the pattern requires the URI to end in ".php", while the PHP
	# handlers below also accept ".php/" followed by path info. Using the same
	# tail here (\.php(/|$)) keeps the two rules aligned.
	location ~* /(?:uploads|files)/.*\.php$ {
		deny all;
	}

	# Static assets: 60 day client-side expiry. Requests for these extensions are
	# not written to the access log, so they will be absent during log review.
	location ~* \.(jpg|jpeg|gif|png|css|js|swf|ico|pdf|svg|eot|ttf|woff|woff2|map)$ {
		expires 60d;
		access_log off;
	}

	# .json requests are likewise not logged.
	location ~* \.(json)$ {
		access_log off;
	}

	# Login page and everything under /wp-admin/ except admin-ajax.php and images/.
	# "satisfy any" grants access when EITHER the allow/deny list OR basic auth
	# succeeds.
	# NOTE(review): "allow 0.0.0.0/0" admits every IPv4 client, so with
	# "satisfy any" the basic-auth prompt is never required. If basic auth is
	# meant to protect the login and admin pages, remove that line and keep only
	# 127.0.0.1 or a trusted management range.
	location ~* /wp-login\.php|/wp-admin/((?!(admin-ajax\.php|images/)).)*$ {
		satisfy any;
		allow 0.0.0.0/0;
		allow 127.0.0.1;
		deny all;
		auth_basic "basic authentication";
		auth_basic_user_file  "/home/kusanagi/.htpasswd";
		# PHP handler for the admin area: same backend settings as the site-wide
		# handler further down, without the fastcgi_cache directives.
		location ~ [^/]\.php(/|$) {
			fastcgi_split_path_info ^(.+?\.php)(/.*)$;
			# Return 404 unless the script part of the URI is a real file, so the
			# backend is never asked to run a path that is not an existing script.
			if (!-f $document_root$fastcgi_script_name) {
				return 404;
			}
			#include shib_fastcgi_params;
			#include shib_clear_headers;
			# Rate limit; the "one" zone is declared outside this file.
			limit_req zone=one burst=10 nodelay;
			fastcgi_pass 127.0.0.1:9000;
			fastcgi_index index.php;
			fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
			include fastcgi_params;
			fastcgi_buffers 256 128k;
			fastcgi_buffer_size 128k;
			fastcgi_intercept_errors on;
			fastcgi_read_timeout 120s;
			#include naxsi.d/wordpress/*.conf;
		}
		# Contents of security.conf are not visible here - presumably response
		# security headers; verify.
		include conf.d/security.conf;
		# HSTS is commented out, so this location sends no Strict-Transport-Security
		# header unless the include above adds one.
		#add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains;preload;' always;
		#include naxsi.d/wordpress/*.conf;
	}

	# Site-wide PHP handler with the FastCGI page-cache settings.
	location ~ [^/]\.php(/|$) {
		fastcgi_split_path_info ^(.+?\.php)(/.*)$;
		# Return 404 unless the script part of the URI is a real file, so the
		# backend is never asked to run a path that is not an existing script.
		if (!-f $document_root$fastcgi_script_name) {
			return 404;
		}
		#include shib_fastcgi_params;
		#include shib_clear_headers;
		# Rate limit; the "one" zone is declared outside this file.
		limit_req zone=one burst=10 nodelay;
		fastcgi_pass 127.0.0.1:9000;
		fastcgi_index index.php;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
		include fastcgi_params;
		fastcgi_buffers 256 128k;
		fastcgi_buffer_size 128k;
		fastcgi_intercept_errors on;
		fastcgi_read_timeout 120s;

		# The flag starts at 1 and every branch below can only set it to 1 again,
		# so as written the page cache is bypassed and never filled.
		set $do_not_cache 1; ## page cache
		set $device "pc";

		if ($request_method = POST) {
			set $do_not_cache 1;
		}

		if ($query_string != "") {
			set $do_not_cache 1;
		}

		# Commenters, logged-in users and password-protected posts must not get cached pages.
		if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
			set $do_not_cache 1;
		}

		# Admin, login, cron, feed and sitemap URIs are excluded from caching.
		if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
			set $do_not_cache 1;
		}

		# Device class from the User-Agent; it becomes part of the cache key.
		if ($http_user_agent ~* " Android |\(iPad|Android; Tablet; .+Firefox") {
			set $device "tablet";
		}

		if ($http_user_agent ~* "Android .+ Mobile|\(iPhone|\(iPod|IEMobile|Android; Mobile; .+Firefox|Windows Phone") {
			set $device "smart";
		}

		# The "wpcache" zone is declared outside this file. Entries are keyed by
		# device class, method, scheme, host and full request URI; 200 responses
		# are kept for 10 minutes.
		fastcgi_cache        wpcache;
		fastcgi_cache_key    "$device:$request_method:$scheme://$host$request_uri";
		fastcgi_cache_valid  200 10m;
		fastcgi_no_cache     $do_not_cache;
		fastcgi_cache_bypass $do_not_cache;

		# NOTE(review): both headers expose implementation details (cache status
		# and platform name) to every client. Drop them if they are not needed
		# for troubleshooting.
		add_header X-F-Cache $upstream_cache_status;
		add_header X-Signature KUSANAGI;
		# Contents of security.conf are not visible here - presumably response
		# security headers; verify.
		include conf.d/security.conf;
		# HSTS is commented out, so this location sends no Strict-Transport-Security
		# header unless the include above adds one.
		#add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains;preload;' always;
		#include naxsi.d/wordpress/*.conf;
	}

	# Cache purge endpoint, reachable from the local host only. $1 is the device
	# class and $2 the path, rebuilt into the GET form of the cache key above.
	# fastcgi_cache_purge is presumably supplied by an add-on cache-purge module
	# - confirm it is loaded in this build.
	location ~ /fcache-purge/([^/]+)(/.*) {
		allow 127.0.0.1;
		deny all;
		fastcgi_cache_purge wpcache "$1:GET:$scheme://$host$2";
	}
}